4.3 Security

The eNVM is protected using four levels of security features:

  • The eNVM page protection uses two levels: factory lock and user lock. Factory lock is not accessible for the user. Refer to the 4.2.5.4 Set Lock Bit and User Unlock Commands.
  • There are two or four special sectors per eNVM array that can be protected for read and write, depending on which entity is accessing the region as shown in Figure 4-18 through Figure 4-22. On devices with smaller or bigger eNVMs, the upper 4 KB special sector is aligned to the top 4 KB region of the eNVM. These user-protectable 4 KB special sectors can be configured by Libero software, see Figure 4-29.
  • There are two private regions in M2S060, M2S090, and M2S150 as shown in Figure 4-21 and Figure 4-22 which are reserved for storing device certificate, eNVM digest, security keys and so on. Only system controller can access the private regions. See 4.3.2 eNVM Pages for Special Purpose Storage
  • Using AHB bus master access control, the eNVM can be protected from different masters connected on the AHB bus matrix. Refer to the AHB Bus Matrix.
  • User-defined regions can be protected from the FPGA fabric.